Posted by robd
on April 24, 2018
Active Directory,
powershell /
No Comments
Hi All,
A chap called Michael Grafnetter has created a brilliant PowerShell script to check password hashes in Active Directory against a list of simple or common passwords.
This is great to encourage users not to use obvious passwords, for example if a company is called Contoso then you’d want to encourage users not to use Contoso1 etc.
Here’s how:
Download the software:
https://github.com/MichaelGrafnetter/DSInternals/releases/tag/v2.22
Copy the DSInternals directory to your PowerShell modules directory, e.g.
|
|
C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DSInternals |
|
|
C:\Users\John\Documents\WindowsPowerShell\Modules\DSInternals. |
Launch Windows PowerShell.
(Optional) If you copied the module to a different directory than advised in step 4, you have to manually import it using the Import-Module .\DSInternals\DSInternals.psd1 command.
Next create a text file called passwords.txt and fill it with passwords you’d like to scan for, example:
|
|
Password Password1 Contoso1 |
Then here’s an example script:
First set the password txt file.
Then set the Domain Contoller, in this case DC1
Then set the distinguished name of the OU and sub OUs you can to scan:
Note ” and ‘ are not showing up properly,
$dictionary = Get-Content passwords.txt | ConvertTo-NTHashDictionary Get-ADReplAccount -All -Server DC1 -NamingContext ‘dc=adatum,dc=com’ | Test-PasswordQuality -WeakPasswordHashes $dictionary -ShowPlainTextPasswords -IncludeDisabledAccounts
|
|
$dictionary = Get-Content passwords.txt | ConvertTo-NTHashDictionary Get-ADReplAccount -All -Server DC1 -NamingContext 'dc=adatum,dc=com' | Test-PasswordQuality -WeakPasswordHashes $dictionary -ShowPlainTextPasswords -IncludeDisabledAccounts |
Here’s an output:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
Active Directory Password Quality Report ---------------------------------------- Passwords of these accounts are stored using reversible encryption: April Brad Don LM hashes of passwords of these accounts are present: These accounts have no password set: Guest nolan test Passwords of these accounts have been found in the dictionary: adam Pa$$w0rd peter July2016 Historical passwords of these accounts have been found in the dictionary: april Pa$$w0rd brad Pa$$w0rd These groups of accounts have the same passwords: Group 1: Aidan John Group 2: Joe JoeAdmin JoeVPN These computer accounts have default passwords: LON-CL2$ Kerberos AES keys are missing from these accounts: Julian Kerberos pre-authentication is not required for these accounts: Holly Chad Only DES encryption is allowed to be used with these accounts: Holly Jorgen These administrative accounts are allowed to be delegated to a service: Administrator April krbtgt Passwords of these accounts will never expire: Administrator Guest These accounts are not required to have a password: Guest Magnus Maria |
Tags: Active Directory, password, PowerShell
Posted by robd
on October 26, 2017
Direct Access,
powershell,
Server /
1 Comment
My Windows 10 client wouldn’t connect to our Direct Access severs today, kept just getting Connecting
So to troubleshoot I’d recommend:
Checking your internet connection:
Now its worth running some PowerShell commands to get the actual error:
This likeley means your proxy is in the way of your connection.
Check the settings:
Get-NetIPHttpsConfiguration
Double check your internet connection
Test-NetConnection
I think its time to check the proxy settings:
Check if you can get to a website via IE and try via another browser such as Firefox.
If you cant then check if your proxy is off:
Now check the windows 10 proxy and the Netsh proxy:
Windows 10, turn it off:
Check the netsh and then turn it off or reset it to IE:
|
|
#Show the proxy settings: netsh winhttp show proxy #Reset it to default netsh winhttp reset proxy #Set to IE netsh winhttp import proxy source=ie |
When reset should look like this:
Failing that reset the IP Helper in services.msc or reboot:
The netsh settings fixed it for me, the reason I’d set it was to allow PowerShell out to the internet for Exchange 365 work.
Tags: Direct Access, DirectAccess, netsh, PowerShell
Posted by robd
on October 27, 2016
powershell /
No Comments
Change the DNS from a list of servers:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
#Change DNS for a list of servers #Get the admin permissions $LoginPassword = Get-Credential #Get the list of computers from a text file $computer = get-content C:\temp\servers.txt #Get the DNS IP's using the get-wmiobject (using wmi as some servers dont have powershell installed) $NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer -Credential $LoginPassword |where{$_.IPEnabled -eq “TRUE”} # for each server list the current setting Foreach($NIC in $NICs) { Write-Host "DNS Servers before change:" $NIC.DNSServerSearchOrder #Change the settings to this $DNSServers = "10.10.7.1","10.10.7.2" $NIC.SetDNSServerSearchOrder($DNSServers) #$NIC.SetDynamicDNSRegistration(“TRUE”) #After Change - Not tested Write-Host "DNS Servers after Change:" $NIC.DNSHostName $NIC.DNSServerSearchOrder } |
Tags: DNS, PowerShell
Posted by robd
on October 27, 2016
powershell /
No Comments
As per the title, find the DNS addresses from a text list of servers:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
#Get the DNS for a List of Servers #Get the admin permissions $LoginPassword = Get-Credential #Get the list of computers from a text file $computer = get-content C:\temp\servers.txt #Get the DNS IP's using the get-wmiobject (using wmi as some servers dont have powershell installed) $NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer -Credential $LoginPassword |where{$_.IPEnabled -eq “TRUE”} # for each server list the current setting Foreach($NIC in $NICs) { Write-Host "DNS Servers:" $NIC.DNSHostName $NIC.DNSServerSearchOrder } |
Tags: DNS, PowerShell
Posted by robd
on July 24, 2016
exchange 2010,
powershell /
No Comments
To add send as permissions from the existing permissions on a mailbox you can use this script:
All you need to do is specify the username twice:
|
|
$users = Get-MailboxPermission -identity "USERNAME" | where {$_.user -notlike "*SELF" -and $_.isinherited -eq $false} foreach ($user in $users) { $mailboxuser = get-aduser "USERNAME" Add-ADPermission -Identity $mailboxuser.DistinguishedName -ExtendedRights Send-As -User $user.user } |
Tags: Exchange, permissions, PowerShell
Posted by robd
on July 19, 2016
exchange 2010,
powershell /
No Comments
So We had a shared mailbox that was originally opened in Finland and as such the inbox was named postilaatikkoon and sent items was named Lähetetyt.
So I thought I’d jump into OWA and change the language there, well it turns out that has nothing to do with Folder names.
So after some research I found I could use:
|
|
Outlook.exe /resetFolderNames |
But the mailbox is shared so doesn’t have a enabled user to logon with so I found this Exchange PowerShell command:
|
|
set-MailboxRegionalConfiguration -id "Mailbox Name" -LocalizeDefaultFolderName:$true -Language en-GB |
Job done.
Tags: Exchange 2010, FolderNames, Outlook, PowerShell
Posted by robd
on June 24, 2016
exchange 2010,
powershell /
No Comments
To connect to Exchange and use powershell use this command:
|
|
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ExchangeServer.DOMAIN.LOCAL/PowerShell/ -Authentication Kerberos Import-PSSession $Session |
Tags: Exchange, PowerShell
Posted by robd
on April 16, 2016
Office 365,
powershell /
No Comments
Before I get started this is not referring to standard Distribution Groups, this email refers to the groups that can be created in the newer version of Office 365 that allow a “Lync-esque” conversation feature but with added functionality, such as reviewing previous messages when added at a later date.
In most environments this would be a great feature, workplace and alike, however in environments like schools it can lead to some administrative troubles as there is no, current, way to administrate the groups once created as they are hidden to the admin unless viewed within the mailbox/OWA of the user doing the creating.
In this particular case these groups needed to be, A: removed manually, and B: disabled from future creation.
First you have to log in to the exchange mailbox via PowerShell, so have your admin credentials ready, once you are in and are ready to make changes, this is the command to run;
|
|
Set-OwaMailboxPolicy -Identity <strong>DOMAIN.LOCAL</strong>\OwaMailboxPolicy-Default -GroupCreationEnabled $false |
You can create a new policy and apply the above change to it, then set that policy as the default for your users/groups.
Please see this article for a much more in-depth overview of the feature and how to disable or utilize it.
If you have any questions please email me.
Tags: Exchange, exchange 2013, office 365, PowerShell
So today I was trying to running some cross domain PowerShell commands on Exchange but kept getting the following error:
|
|
The operation couldn't be performed because object 'user' couldn't be found on 'Server_Name.Domain' |
Which basically means the Domain Controller your referencing can only see your sub domain and nothing higher. So to resolve run this before the command:
|
|
Set-AdServerSettings -ViewEntireForest $True |
Tags: Exchange, Exchange 2010, PowerShell, ViewEntireForest
Posted by robd
on December 01, 2014
powershell /
1 Comment
Today a client noticed several thousand failed secuity attempts on their Terminal Server:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x5f8 Caller Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: SERVER01 Source Network Address: 124.166.240.111 Source Port: 56272 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - |
So after filtering the Event 4625 in event viewer I found I couldnt export the Source Network Address. So came up with this handy powershell script to export the IP to a csv:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
$DT = [DateTime]::Now.AddDays(-1) $logName = '{0}{1}_security4625_log_{2}.csv' -f "c:\temp\", $DT.tostring("dd-MM-yyyy"), $env:Computername Get-EventLog -LogName 'Security' ` -InstanceId 4625 ` -After $DT | Select-Object @{ Name='TargetUserName' Expression={$_.ReplacementStrings[5]} }, @{ Name='WorkstationName' Expression={$_.ReplacementStrings[1] -replace '\$$'} }, @{ Name='IpAddress' Expression={$_.ReplacementStrings[-2]} }, @{ Name='IpPort' Expression={$_.ReplacementStrings[-5]} } | Export-Csv -Path $logName |
Tags: event, PowerShell, Server 2008, terminal server
